{
  description = "tlater.net host configuration";

  # Flake inputs. The URLs only select which repository/branch is tracked;
  # the exact revision and content hash of each input are pinned by
  # flake.lock when one is committed next to this file, so review lock file
  # updates as carefully as changes here.
  inputs = {
    # Stable channel used to build the system.
    # NOTE(review): release branches stop receiving security fixes once they
    # reach end of life; confirm nixos-24.11 is still supported.
    nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11-small";
    nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable-small";
    disko = {
      url = "github:nix-community/disko";
      # Reuse this flake's nixpkgs instead of the input's own pinned copy.
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # NOTE(review): unlike the other third-party inputs, deploy-rs does not
    # follow this flake's nixpkgs, so it resolves its own nixpkgs revision.
    # Confirm this is intentional.
    deploy-rs.url = "github:serokell/deploy-rs";
    sops-nix = {
      url = "github:Mic92/sops-nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    # Fetched over HTTPS from the self-hosted gitea instance.
    tlaternet-webserver = {
      url = "git+https://gitea.tlater.net/tlaternet/tlaternet.git";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    foundryvtt = {
      url = "github:reckenrode/nix-foundryvtt";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    # Fetched over SSH from a feature branch, so locking or updating this
    # input needs SSH credentials with access to that repository
    # (presumably a private repo; verify).
    sonnenshift = {
      url = "git+ssh://git@github.com/sonnenshift/battery-manager?ref=tlater/rust-rewrite";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

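  # Flake outputs: the NixOS system for the production host, the deploy-rs
  # node description used to push it, the deploy-rs checks, a test VM with
  # helper apps, and the development shell.
  #
  # The arguments are the resolved flake inputs; the complete set is also
  # handed to every NixOS module as `flake-inputs` through specialArgs.
  outputs =
    {
      self,
      nixpkgs,
      sops-nix,
      deploy-rs,
      ...
    }@inputs:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # Same base configuration as the production host, but combined with the
      # VM hardware module instead of the Hetzner one. Backs
      # `packages.default` and the `run-vm` app.
      vm = nixpkgs.lib.nixosSystem {
        inherit system;
        specialArgs.flake-inputs = inputs;

        modules = [
          ./configuration
          ./configuration/hardware-specific/vm.nix
        ];
      };
    in
    {
      ##################
      # Configurations #
      ##################
      nixosConfigurations = {
        # The actual system definition
        hetzner-1 = nixpkgs.lib.nixosSystem {
          inherit system;
          specialArgs.flake-inputs = inputs;

          modules = [
            ./configuration
            ./configuration/hardware-specific/hetzner
          ];
        };
      };

      ############################
      # Deployment configuration #
      ############################
      deploy.nodes = {
        hetzner-1 = {
          # The node is addressed by IP, so the SSH host key check relies on
          # the entry the operator has stored for this address and port.
          hostname = "116.202.158.55";

          profiles.system = {
            # The system profile is activated as root, while the connection
            # is made as `sshUser` below; deploy-rs elevates on the target
            # when the two differ.
            user = "root";
            path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.hetzner-1;
          };

          sshUser = "tlater";
          sshOpts = [
            "-p"
            "2222"
            # NOTE(review): agent forwarding makes the operator's SSH agent
            # usable by anyone with root on the target for as long as the
            # deploy session lasts. Confirm it is still required; if not,
            # drop this option, otherwise prefer a dedicated deploy key with
            # per-use confirmation in the agent.
            "-o"
            "ForwardAgent=yes"
          ];
        };
      };

      #########
      # Tests #
      #########
      # Run the deploy-rs schema/activation checks for every system that
      # deploy-rs provides a library for. The system name itself is unused.
      checks = builtins.mapAttrs (_system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;

      ###########################
      # Garbage collection root #
      ###########################

      # Packages exposed by the flake: the test VM (default) and the locally
      # packaged crowdsec components from ./pkgs.
      packages.${system} =
        let
          localPkgs = import ./pkgs { inherit pkgs; };
        in
        {
          default = vm.config.system.build.vm;
          crowdsec-hub = localPkgs.crowdsec.hub;
          crowdsec-firewall-bouncer = localPkgs.crowdsec.firewall-bouncer;
        };

      ###################
      # Utility scripts #
      ###################
      apps.${system} = {
        default = self.apps.${system}.run-vm;

        # Start the test VM built from the `vm` configuration.
        run-vm = {
          type = "app";
          program =
            # The wrapper is given a real name so its store path can be
            # identified; the original passed an empty name.
            # NOTE(review): the launcher file name embeds the VM's host name,
            # presumably "testvm" from vm.nix; verify if that ever changes.
            (pkgs.writeShellScript "run-vm" ''
              ${vm.config.system.build.vm.outPath}/bin/run-testvm-vm
            '').outPath;
        };

        # Refresh the pinned crowdsec sources under ./pkgs/crowdsec.
        update-crowdsec-packages =
          let
            git = pkgs.lib.getExe pkgs.git;
            nvfetcher = pkgs.lib.getExe pkgs.nvfetcher;
          in
          {
            type = "app";
            program =
              (pkgs.writeShellScript "update-crowdsec-packages" ''
                # Abort on the first failure: without this, a failed `cd`
                # (for example when run outside the repository) would still
                # run nvfetcher in whatever directory the caller was in.
                set -euo pipefail

                cd "$(${git} rev-parse --show-toplevel)"
                cd ./pkgs/crowdsec
                ${nvfetcher}
                echo 'Remember to update the vendorHash of any go packages!'
              '').outPath;
          };
      };

      ###########################
      # Development environment #
      ###########################
      devShells.${system}.default = pkgs.mkShell {
        # Directories read by sops-import-keys-hook when the shell starts.
        # They are expected to contain public keys only; private key material
        # must never be committed here.
        sopsPGPKeyDirs = [
          "./keys/hosts/"
          "./keys/users/"
        ];
        nativeBuildInputs = [ sops-nix.packages.${system}.sops-import-keys-hook ];

        packages = with pkgs; [
          sops-nix.packages.${system}.sops-init-gpg-key
          deploy-rs.packages.${system}.default

          nixpkgs-fmt

          cargo
          clippy
          rustc
          rustfmt
          rust-analyzer
          pkg-config
          openssl
        ];
      };
    };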
}